exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

VIGILANTE-2000007
Posted Aug 28, 2000
Authored by Vigilante | Site vigilante.com

Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need remove it from it's power source as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64.

tags | exploit
SHA-256 | e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4c

Related Files

Zero Day Initiative Advisory 08-033
Posted May 27, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS. The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.

tags | advisory, remote, arbitrary
SHA-256 | 73dad834e8ff64514f4a305d4cd194246463b06aed7c666a0862feb68f6c97d4
barracuda-xss.txt
Posted May 22, 2008
Site irmplc.com

The Barracuda Spam Firewall device web administration interface is vulnerable to a reflected cross site scripting vulnerability which may allow theft of administrative credentials or downloading of malicious content. IRM confirmed the presence of this vulnerability in Barracuda Spam Firewall 600 Firmware 3.5.11.020. The vendor has confirmed the issue exists in all versions prior to 3.5.11.025.

tags | exploit, web, xss
advisories | CVE-2008-2333
SHA-256 | 9f40b815888c87cdeb682e726a415b2f57a0e4e96a16e1c928489289784a80fb
linksys-bypass.txt
Posted Mar 26, 2008
Authored by meathive | Site kingpinz.info

The Linksys WRT54G firmware version 1.00.9 suffers from a slew of bypass vulnerabilities. Full details provided.

tags | exploit, vulnerability, bypass
advisories | CVE-2008-1247
SHA-256 | 56c6c3e22d21d215263eac4438a45fbbd1ee78f39e47e11bf406698b138d115a
levelone-root.txt
Posted Jan 8, 2008
Authored by Anastasios Monachos

The Level-One WBR-3460A firmware versions 1.00.11 and 1.00.12 suffer from a remote root compromise vulnerability due to unrestricted access via telnetd.

tags | exploit, remote, root
SHA-256 | 733ea2bb14be7fbc8e5b40009136d67407e4c9a5c3b932b6db5716a1804ab6f5
Secunia Security Advisory 27926
Posted Dec 5, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the XSCF Control Package (XCP) firmware for Sun SPARC Enterprise M4000/M5000/M8000/M9000, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | a9ff15b05f603a6c46f160cd0de2b1bd2a1c604069b9cadb48b8c3781b4b393d
itiff_exploit.cpp
Posted Oct 23, 2007
Authored by Niacin, Dre | Site toc2rta.com

Exploit for the iTouch/iPhone libtiff vulnerability. This will work on iTouch/iPhone firmware 1.0.2 and 1.1.1.

tags | exploit
systems | apple, iphone
SHA-256 | 7900a48bb73cf7d320a24b4a6659a542ab4c1a27be2a82684e47548881923783
mobilemail_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
SHA-256 | 159b79d396cc6be73eddeb8db6cd9975c0d95b50f6eb41571ed8f34e088a507f
safari_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
SHA-256 | ba86f554ff58ec884739058eb80af65e4d58a0973721425b952d586468e13d92
barracude-xss.txt
Posted Sep 25, 2007
Authored by Federico Kirschbaum | Site infobyte.com.ar

The Barracuda Spam Firewall with firmware version 3.4.10.102 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 73c210a75e96db9b0ef220f0c9d717f3b8fe755f378c8347463d89062fd2a53e
CX-2007-05.txt
Posted Jul 12, 2007
Authored by Daniel Weber

Calyptix Security Advisory - Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to cross-site request forgery. The vulnerable firmwares include 3.1.20031001, 3.1.20060921, and 3.1.20070605. Other eSoft products were not tested. This vulnerability allows an attacker to run commands on the web interface if the attacker can get the eSoft user to view a hostile web page while logged into his eSoft. These actions could include opening up remote access.

tags | advisory, remote, web, csrf
SHA-256 | ff2820b979ab7a729e267c92c50a8b221b9ffde20769cec07007eaf16aff470b
CX-2007-04.txt
Posted Jun 29, 2007
Authored by Daniel Weber

Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.

tags | advisory, csrf
SHA-256 | 5a7280c2e84db6499337852cb17b9d7dc4fa7639fe87c2d1243fd24daff9054a
dlink-arp.txt
Posted Dec 12, 2006
Authored by poplix

The D-LINK DWL-2000AP+ with firmware version 2.11 is prone to two remote denial of service vulnerabilities because it fails to handle arp flooding.

tags | advisory, remote, denial of service, vulnerability
SHA-256 | 87d03a41d7205746c6fdc2717648002c7605bc5def176cb29db02f70e7827bcf
DD-WRT-firmware.txt
Posted Oct 30, 2006
Authored by jfcastilho

Any router running DD-WRT only checks the first 8 characters of a users password. The DD-WRT firmware is used in many Linksys routers.

tags | advisory
SHA-256 | b39b63064f539d2fcf3558b21e0539ef9ca1fef50960fc82361ed466a56069ec
SS28S-WiFi.txt
Posted Oct 2, 2006
Site osnews.com

Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded user/pass of 1/1. Various debug commands enable viewing SIP credentials, WEP keys, etc. on the phone.

tags | advisory
SHA-256 | 138cdacc373d3af2dbbd24f6e8d71941abf2c06921c5be017a9267824cfd6155
EEYE-dlink.txt
Posted Jul 20, 2006
Authored by Barnaby Jack | Site eeye.com

A remote stack overflow exists in a range of wired and wireless D-Link routers. This vulnerability allows an attacker to execute privileged code on an affected device. When a specific request is sent to an affected device, a traditional stack overflow is triggered allowing an attacker complete control of the router. With the ability to execute code on the device, it is then possible to apply modified firmware, and ultimately compromise the entire network.

tags | advisory, remote, overflow
SHA-256 | 25d882c6fb0ae5a475f5d6f2351d4ac9dc574a80eed93c6005f7c73dc6e35280
barracuda-advisory-LHA.txt
Posted Apr 4, 2006
Authored by Jean-Sebastien Guay-Leroux | Site guay-leroux.com

The Barracuda Spam Firewall with firmware less than 3.3.03.022 and spamdef less than 3.0.10045 suffers from a remote compromise via an email containing a specially crafted LHA archive.

tags | advisory, remote
SHA-256 | 1fc543a965dad878e85c76e8374b6bf456536444e43cef102ce41c68fd3b54f1
barracuda-advisory-ZOO.txt
Posted Apr 4, 2006
Authored by Jean-Sebastien Guay-Leroux | Site guay-leroux.com

The Barracuda Spam Firewall with firmware less than 3.3.03.022 and spamdef less than 3.0.9388 suffers from a remote compromise via an email containing a specially crafted ZOO archive.

tags | advisory, remote
SHA-256 | b1a125d11ebe95bcf9be62768a67891c17278898c0cd6217c2f1e78f625b5082
Cisco Security Advisory 20051116-7920
Posted Nov 20, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE 802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This product contains two vulnerabilities: The first vulnerability is an SNMP service with fixed community strings that allow remote users to read, write, and erase the configuration of an affected device. The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185 that may allow an unauthenticated remote user to access debugging information or cause a denial of service. Confirmed vulnerable: Cisco 7920 Wireless IP Phone, firmware version 2.0 and earlier.

tags | advisory, remote, denial of service, udp, vulnerability
systems | cisco
SHA-256 | e804956fd97eb0bd0b7fd8794d6e295d413c65ced5fc2ad00ed87ebbad7b84a5
belkinVuln.txt
Posted Nov 20, 2005
Authored by Andrei Mikhailovsky | Site arhont.com

A serious security vulnerability have been found in authentication system of Belkin Wireless Routers. The vulnerability has been confirmed in Belkin Wireless Routers models F5D7232-4 and F5D7230-4 with latest firmware 4.05.03 and with firmware 4.03.03. Previous firmware versions are also likely to be effected. Other Belkin wireless devices are likely to be vulnerable.

tags | advisory
SHA-256 | 98f635054633bca917f22e9458132c65582acf61c13b8d3338113d4c51434170
Secunia Security Advisory 17601
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G Router, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an access control error in the router's web-based management page. The management page is accessible by other users without authentication if a legitimate user is currently logged on. The vulnerability has been reported in models F5D7230-4 and F5D7232-4 using the latest firmware 4.03.03 and 4.05.03.

tags | advisory, web
SHA-256 | 0c36c3d81dc54b52b3d968f26b22d654d0152f47542d9ff5de1b0900df3a7a5e
LayerOneCFP.txt
Posted Nov 9, 2005
Authored by LayerOne | Site layerone.info

LayerOne 2006 - Call for Papers - LayerOne is now officially accepting papers and presentations for consideration at our 2006 show. We are looking for people to speak on a broad range of topics, so all submissions will be considered. At the moment we're interested in hearing from potential speakers with the following interests: Data Forensics, Reverse Engineering, VoIP (security and development), Emerging Security Trends, Regulatory Issues (SOX, PCI, ISO 17799, etc), Firmware/Embedded Systems Hacking.

tags | paper, conference
SHA-256 | 38046b10e761b0737f9adaecc125068acd262730c34c2288dde55dce30615e6b
planetBackdoor.txt
Posted Oct 7, 2005
Authored by Luis Miguel Silva

The Planet Technology Corp FGSW2402RS switch has a backdoor hardwired into the firmware when using a default password.

tags | exploit
SHA-256 | 8f126b9a23ef77e2628e95e48967da8c70f189f39dde9a38b155b05bdf6cacc3
iDEFENSE Security Advisory 2005-09-13.5
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a buffer overflow vulnerability in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated execution of arbitrary commands as the root user. The vulnerability specifically exists in the 'apply.cgi' handler of the httpd running on the internal interfaces, including the by default the wireless interface. This handler is used by the many of the configuration pages to perform the configuration management of the router. If an unauthenticated remote attacker sends a POST request to the apply.cgi page on the router with a content length longer than 10000 bytes, an exploitable buffer overflow may occur. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, overflow, arbitrary, cgi, root
systems | cisco
advisories | CVE-2005-2799
SHA-256 | 0d2ff860dea860de42a45c16cc7d95f21cc2575bf4ed334cd26ddb2fcccb6756
iDEFENSE Security Advisory 2005-09-13.4
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the upgrade.cgi component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router firmware. The vulnerability specifically exists in the POST method of the upgrade.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The upgrade.cgi handler allows a user to upload new firmware, which contains the operating system and applications, into the non-volatile memory of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, cgi
systems | cisco
SHA-256 | 579720bc1784ef15c6e2733f48c794db8088d0e54246933e0848b20b06762808
iDEFENSE Security Advisory 2005-09-13.3
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS). The vulnerability exists in several of the POST method handlers of the httpd running on the router's internal interfaces, including by default the wireless interface. In addition to not checking if authentication has failed until after data supplied by an external user has been processed, there are several places where the Content-Length is assumed to be valid. In some of those cases, data is read in without error checking while decrementing the length value. If the Content Length is set to a negative number, these checks will take an extremely long time, during which the httpd will become unresponsive. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.3 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 1cbd9bb6174d8c8f9764edffe4432d893a71dd3dae113f34c72685dea78b5fa6
Page 3 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close